Test plugin crashes after throwExceptionNextInvoke

RESOLVED WORKSFORME

Product: Core
Component: Plug-ins
Priority: P3
Severity: critical
Opened: 5 years ago
Last modified: 10 months ago
Reporter: Jesse Ruderman
Assignee: Unassigned
Version: Trunk
Platform: x86_64, Mac OS X
Keywords: crash, testcase
Firefox Tracking Flags: Not tracked
Attachments: 2

Description (Reporter), 5 years ago

Created attachment 674493: testcase

The child process crashes touching an address that's obviously attacker-controllable.

Comment 1 (Reporter), 5 years ago

Created attachment 674496: stack

No particular reason this needs ASan. I think it just happens to be my only setup where I detect child-process crashes, and where the Test Plugin runs.

Comment 2, 5 years ago

We don't ship the testplugin; I'm not sure why this needs to be s-s. There are probably lots of ways to abuse the testplugin testing methods, and I'm not sure it's worth fixing them.
Jesse, is the plugin exercising a problem on our end?

Comment 4 (Reporter), 5 years ago

(In reply to Benjamin Smedberg [:bsmedberg] from comment #2)
> There are probably lots of ways to abuse the testplugin testing methods, and
> I'm not sure it's worth fixing them.

The DOM fuzzer will have an easier time finding bugs in Gecko's plug-in code if the Test Plugin exposes a large and robust set of APIs.

I'll just make it avoid calling throwExceptionNextInvoke for now.

Comment 5, 5 years ago

OK, opening this up. Fixing this case shouldn't be hard, although the testplugin was not written in a hardened way and skips a bunch of error checking in general.
Group: core-security
Priority: -- → P2

Updated, 5 years ago
Priority: P2 → P3

I'm marking this bug as WORKSFORME as the bug's crashlog signature hasn't appeared for a long time (over half a year).
Status: NEW → RESOLVED
Last Resolved: 10 months ago
Resolution: --- → WORKSFORME